Changed content security policy for matomo tracking

2024-11-22 12:41:05 +01:00 · 2023-11-23 15:36:38 +01:00 · 2023-11-23 15:36:38 +01:00 · dc11daf43d
commit dc11daf43d
parent 9b82435a6d
2 changed files with 7 additions and 3 deletions
--- a/roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2
+++ b/roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2
@ -1,5 +1,8 @@
+# Add CSP header
+more_set_headers "Content-Security-Policy: default-src 'self'; img-src 'self' https://matomo.{{top_domain}}; script-src 'self' 'unsafe-inline' https://matomo.{{top_domain}};";
+
+
 # sub filters to integrate matomo tracking code in nginx websites
 sub_filter '</head>' '<script>{{matomo_tracking_code_one_liner}}</script></head>';
-sub_filter '</body>' '<noscript><p><img src="//matomo.veen.world/matomo.php?idsite={{matomo_site_id}}&rec=1" style="border:0;" alt="" /></p></noscript></body>';
+sub_filter '</body>' '<noscript><p><img src="//matomo.{{top_domain}}/matomo.php?idsite={{matomo_site_id}}&rec=1" style="border:0;" alt="" /></p></noscript></body>';
 sub_filter_once off;
-# sub_filter_types text/html; This is standart
--- a/roles/nginx/templates/nginx.conf.j2
+++ b/roles/nginx/templates/nginx.conf.j2
@ -1,3 +1,4 @@
+load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
 worker_processes auto;

 events